Notes about Amazon S3.
- Data is transferred to S3 via SSL. See Q: How secure is my data?
- To link to assets over HTTPS, their S3 URL must be used. In Rails this can be done via the config.action_controller.asset_host variable. See Rails 3.1 Assets on S3 with HTTPS.
- One practical way to secure files in an access-restricted area is to obscure the filenames. See AWS S3/Ruby on Rails/ heroku: Security hole in my app. Also see Rails implementation for securing S3 documents.
- Another way to secure files is to have their URLs expire after a set amount of time. The Paperclip Rails extension uses this approach, setting URLs to expire after 10 seconds. See Restricting Access to Objects Stored on Amazon S3. Also see the ‘No more streaming, time for a redirection’ section of Protecting your Paperclip downloads.
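
The expiring-URL approach in the last note, as an added example (not code from Paperclip or from the linked articles): it builds a 10-second presigned GET URL with AWS Signature Version 4 query-string signing and shows that the expiry is covered by the signature. The bucket, object key and credentials are constructed placeholders, and `url_valid?` is a hypothetical local model of the service-side check, not an AWS API.

```ruby
require "openssl"
require "uri"

# Constructed sample values: AWS documentation placeholder keys, not real credentials.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
REGION     = "us-east-1"

# RFC 3986 percent-encoding as SigV4 requires ("/" is kept only in object paths).
def enc(str, keep = "")
  str.gsub(/[^A-Za-z0-9\-._~#{keep}]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

def query_string(params)
  params.sort.map { |k, v| "#{enc(k)}=#{enc(v)}" }.join("&")
end

# SigV4 signature; X-Amz-Date and X-Amz-Expires are part of the signed query string.
def signature(host, path, params)
  date = params["X-Amz-Date"][0, 8]
  canonical = ["GET", enc(path, "/"), query_string(params),
               "host:#{host}\n", "host", "UNSIGNED-PAYLOAD"].join("\n")
  to_sign = ["AWS4-HMAC-SHA256", params["X-Amz-Date"], "#{date}/#{REGION}/s3/aws4_request",
             OpenSSL::Digest::SHA256.hexdigest(canonical)].join("\n")
  key = ["AWS4#{SECRET_KEY}", date, REGION, "s3", "aws4_request"]
        .reduce { |k, msg| OpenSSL::HMAC.digest("SHA256", k, msg) }
  OpenSSL::HMAC.hexdigest("SHA256", key, to_sign)
end

# Build a GET URL for a private object that stops working `expires_in` seconds after `now`.
def presigned_url(bucket, key, expires_in: 10, now: Time.now)
  host  = "#{bucket}.s3.amazonaws.com"
  stamp = now.getutc.strftime("%Y%m%dT%H%M%SZ")
  params = { "X-Amz-Algorithm" => "AWS4-HMAC-SHA256",
             "X-Amz-Credential" => "#{ACCESS_KEY}/#{stamp[0, 8]}/#{REGION}/s3/aws4_request",
             "X-Amz-Date" => stamp, "X-Amz-Expires" => expires_in.to_s,
             "X-Amz-SignedHeaders" => "host" }
  params["X-Amz-Signature"] = signature(host, "/#{key}", params)
  "https://#{host}#{enc("/#{key}", "/")}?#{query_string(params)}"
end

# Local model of the service-side check: recompute the signature, then enforce the window.
def url_valid?(url, at:)
  uri    = URI(url)
  params = URI.decode_www_form(uri.query).to_h
  sent   = params.delete("X-Amz-Signature")
  issued = Time.utc(*params["X-Amz-Date"].unpack("a4a2a2xa2a2a2").map(&:to_i))
  expected = signature(uri.host, URI.decode_www_form_component(uri.path), params)
  OpenSSL.secure_compare(sent.to_s, expected) && at < issued + params["X-Amz-Expires"].to_i
end
```

Because the expiry and the object path are both signed, editing either in the URL invalidates it; in an application the same URL is normally produced by the AWS SDK's `Aws::S3::Presigner` rather than by hand.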